Does anyone have instructions for IIS 6.0?

<Ajas Mohammed />
iUseDropbox (http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

On Thu, May 9, 2013 at 3:54 AM, Frank Moorman <[email protected]> wrote:

> All,
>
> In case you have not heard... Adobe mentioned this last night...
>
> https://www.adobe.com/support/security/advisories/apsa13-03.html
>
> Essentially, they believe the exploit is already out there and is actively
> infecting systems.
>
> However, it can be prevented through access controls on the CFIDE admin
> directories.
>
> AFFECTED SOFTWARE VERSIONS
>
> ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
>
> MITIGATIONS
>
> Adobe recommends ColdFusion customers take the following steps to mitigate
> this vulnerability:
>
> - Restrict public access to the CFIDE/administrator, CFIDE/adminapi
>   and CFIDE/gettingstarted directories by following the hardening guidance in
>   the ColdFusion 9 Lockdown Guide
>   <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf>
>   and ColdFusion 10 Lockdown Guide
>   <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf>
>
> - Refer to the ColdFusion 9 Lockdown Guide
>   <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf>
>   and ColdFusion 10 Lockdown Guide
>   <http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf>
>   for security best practices and further information on these
>   hardening techniques.
>
> This is the first I have heard of the CFIDE/gettingstarted directory, so
> I am assuming that is only on CF10. Another directory that should be
> protected but is not mentioned on this exploit (but has been mentioned on
> others) is the CFIDE/componentutils directory.
>
> If needed/desired, I can share some simple .htaccess samples for people
> that need to protect CF on an Apache server...
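
A way to check from web server logs that the directory restrictions discussed in this thread are actually in effect, added here as an example and not part of either message or of Adobe's guidance. It assumes Common Log Format access logs and an allowlist of internal networks; the allowlist, the sample log lines and the function names are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Directories named in the thread (advisory list plus CFIDE/componentutils).
PROTECTED = ("/cfide/administrator", "/cfide/adminapi",
             "/cfide/gettingstarted", "/cfide/componentutils")
# Assumption: networks that are allowed to reach the admin paths.
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
DENIED = {"401", "403", "404"}  # statuses that mean the restriction held

# Common Log Format: client ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def normalize(path):
    """Drop the query string, decode %xx, collapse slashes, lower-case."""
    path = unquote(path.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()

def exposed_requests(lines):
    """Return (client, path, status) for protected paths served to outsiders."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, _method, raw_path, status = m.groups()
        path = normalize(raw_path)
        if not any(path == p or path.startswith(p + "/") for p in PROTECTED):
            continue
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # hostname instead of address: skipped in this sketch
        if not any(ip in net for net in ALLOWED) and status not in DENIED:
            findings.append((client, path, int(status)))
    return findings

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [09/May/2013:03:10:01 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/May/2013:03:10:02 -0400] "GET /CFIDE/adminapi/ HTTP/1.1" 403 210',
    '10.1.2.3 - - [09/May/2013:03:11:00 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.20 - - [09/May/2013:03:12:00 -0400] "GET /cfide//GettingStarted/%69ndex.cfm HTTP/1.1" 200 900',
    '198.51.100.20 - - [09/May/2013:03:12:05 -0400] "GET /CFIDE/scripts/cfform.js HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(exposed_requests(SAMPLE))
```

Any entry it returns is a request for one of the restricted directories that the server answered for a client outside the allowlist, which means the access control is missing or incomplete for that path.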
